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An apparatus for outputting individual authentication information 



(57) An individual authentication information output 
apparatus, connectable to a plurality of information 
processing systems through a network, includes an in- 
put section for receiving an input from a user; an indi- 
vidual authentication section for outputting an individual 
authentication result of the user based on the input from 
the user; a specification section for specifying at least 
an information processing system selected by the user 
among the plurality of information processing systems; 
a database for managing individual authentication infor- 
mation in association with the individual authentication 
result provided by the individual authentication section 
and a specification result provided by the specification 
section; and a database access section for, based on 
the individual authentication result provided by the indi- 
vidual authentication section and the specification result 
provided by the specification section, reading the indi- 
vidual authentication information associated therewith, 
and outputting the read individual authentication infor- 
mation to the selected information processing system 
through the network. 
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Description 

1 . FIELD OF THE INVENTION: 

[0001 ] The present invention relates to an apparatus 
for outputting individual authentication information (in- 
dividual authentication information output apparatus) 
connectable to a plurality of information processing sys- 
tems through a network. 

2. DESCRIPTION OF THE RELATED ART: 



[0002] Conventionally, systems for performing busi- 
ness transactions, such as product purchases and use 
of paid information services, using cellular phones are 
known. In order to perform a business transaction, it is 
necessary to connect a cellular phone to a network pro- 
vider through a base station and then to a company, 
such as a supplier or a customer, through the network. 
[0003] In order to connect a cellular phone to a net- 
work provider, the user typically needs to input his/her 
password to the cellular phone. Even after the cellular 
phone is connected to the network provider, the user is 
often requested to input his/her password each time he/ 
she attempts to use a service provided by the network 
provider (for example, reading of mails or mediation for 
connection to a business connection). The user cannot 
always use the same password for all these services. 
Different services provided by the network provider may 
require a different number of characters for a password. 
[0004] In order to perform business transactions with 
a plurality of business connections, it is typically neces- 
sary to set a different password for each business trans- 
action or for each service provided by the same busi- 
ness connection. The reason for this is because the 
number of characters required for a password is often 
different depending on the business connection. 
[0005] The user needs to set different passwords for 
using a plurality of services provided by a network pro- 
vider or for performing business transactions with a plu- 
rality of business connections. It is difficult for the user 
to manage all the passwords comprehensively. 
[0006] It is conceivable to reduce the number of char- 
acters of passwords so that all the passwords are 
formed of the same character string in order to allow the 
user to manage his/her passwords more easily. Howev- 
er, a password of only about four characters can be eas- 
ily stolen by people in close vicinity of the user when he/ 
she performs a business transaction in public, and sub- 
sequently misused. Conversely, a password of a larger 
number of characters is difficult for the user to remem- 
ber. . 
[0007] One objective of the present invention is to pro- 
vide an individual authentication information output ap- 
paratus for easily managing passwords without causing 
the user to be concerned about a great number of pass- 
words even when there are a great number of business 
connections. 



[0008] Individual authentication systems for authenti- 
cating an individual using biometric information such as, 
for example, a fingerprint or an iris instead of a password 
(character or symbol code string) have been developed 
5 (see, for example. Japanese Laid-Open Publication No. 
11-53317). Such systems provide a significantly lower 
probability of incorrect authentication as compared to an 
individual authentication system based on a password, 
and therefore are expected to be used more widely. 
10 [0009] However, where different individual authenti- 
cation systems are used for different business connec- 
tions, it is necessary to construct an information system 
or change an existing information system so that a plu- 
rality of individual authentication systems can be han- 
15 died by a cellular phone or a business connection. Con- 
ceivable information systems are, for example, (1) 
mounting a plurality of individual authentication systems 
oh each cellular phone, (2) the user carrying a plurality 
of cellular phones each having a single individual au- 
20 thentication system mounted thereon, and (3) construct- 
ing an information system so that each business con- 
nection can handle a plurality of individual authentica- 
tion systems. Information system (1) increases the cost 
of the cellular phone, information system (2) is incon- 
25 venient to the user, and information system (3) causes 
the business connection to increase the cost. None of 
the results are favorable. 

[001 0] Another objective of the present invention is to 
provide an individual authentication information output 
30 apparatus capable of handling a plurality of individual 
authentication systems. 



SUMMARY OF THE INVENTION 

35 [0011] According to one aspect of the invention, an 
individual authentication information output apparatus 
connectable to a plurality of information processing sys- 
tems through a network includes an input section for re- 
ceiving an input from a user, an individual authentication 
40 section for outputting an individual authentication result 
of the user based on the input from the user; a specifi- 
cation section for specifying at least an information 
processing system selected by the user among the plu- 
rality of information processing systems; a database for 
45 managing individual authentication information in asso- 
ciation with the individual authentication result provided 
by the individual authentication section and a specifica- 
tion result provided by the specification section; and a 
database access section for, based on the individual au- 
50 thentication result provided by the individual authentica- 
tion section and the specification result provided by the 
specification section, reading the individual authentica- 
tion information associated therewith, and outputtingthe 
read individual authentication information to the select- 
55 ed information processing system through the network. 
[0012] In one embodiment of the invention, the spec- 
ification section further specifies a service selected by 
the user among a plurality of services provided by the 
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information processing system selected by the user. 
[0013] In one embodiment of the invention, the indi- 
vidual authentication information is either one of a pass- 
word, biometric information and pseudo biometric infor- 
mation. 

[0014] In one embodiment of the invention, the input 
from the user is biometric information representing at 
least one of fingerprint, face, retina, iris, handprint, voice 
and handwriting. 

[0015] According to another aspect of the invention, 
an individual authentication information output appara- 
tus connectable to a plurality of terminals and a plurality 
of information processing systems through a network is 
provided. The plurality of terminals include a first termi- 
nal having a first input section for receiving a first type 
input from the user and a second terminal having a sec- 
ond input section for receiving a second type input, 
which is different from the first type input, from a user. 
The first type input and the second type input are pro- 
vided to the individual authentication information output 
apparatus through the network. The apparatus includes 
an individual authentication section for outputting an in- 
dividual authentication result of the user based on one 
of the first type input and the second type input from the 
user; a specification section for specifying at least an 
information processing system selected by the user 
among the plurality of information processing systems; 
a database for managing individual authentication infor- 
mation in association with the individual authentication 
result provided by the individual authentication section 
and a specification result provided by the specification 
section; and a database access section for, based on 
the individual authentication result provided by the indi- 
vidual authentication section and the specification result 
provided by the specification section, reading the indi- 
vidual authentication information associated therewith, 
and outputting the read individual authentication infor- 
mation to the selected information processing system 
through the network. 

[001 6] In one embodiment of the invention, the spec- 
ification section further specifies a service selected by 
the user among a plurality of services provided by the 
information processing system selected by the user. 
[0017] In one embodiment of the invention, the indi- 
vidual authentication information is either one of a pass- 
word, biometric information and pseudo biometric infor- 
mation. 

[001 8] In one embodiment of the invention, the input 
from the user is biometric information representing at 
least one of fingerprint, face, retina, iris, handprint, voice 
and handwriting. 

[001 9] According to still another aspect of the inven- 
tion, an individual authentication information output ap- 
paratus connectable to a plurality of terminals and a plu- 
rality of information processing systems through a net- 
work is provided. The plurality of terminals include a first 
terminal having a first input section for receiving first 
type individual authentication information from a user. 



The first type individual authentication information is 
provided to the individual authentication information out- 
put apparatus through the network. The apparatus in- 
cludes a database for managing second type individual 
s authentication information, which is 'different from the 
first type individual authentication information, in asso- 
ciation with the first type individual authentication infor- 
mation; and a database access section for, based on 
the first type individual authentication information, read- 
to ing the second type individual authentication informa- 
tion associated therewith, and outputting the read sec- 
ond type individual authentication information to a se- 
lected information processing system among the plural- 
ity of information processing systems through the net- 
15 work. 

[0020] In one embodiment of the invention, each of 
the first type individual authentication information and 
the second type individual authentication information is 
either one of a password, biometric information and 
20 pseudo biometric information. 

[0021] In one embodiment of the invention, the input 
from the user is biometric information representing at 
least one of fingerprint, face, retina, iris, handprint, voice 
and handwriting. 
25 [0022] In one embodiment of the invention, the data- 
base is a medium detachable from the individual au- 
thentication information output apparatus. 
[0023] Thus, the invention described herein makes 
possible the advantages of providing (1) an individual 
30 authentication information output apparatus for easily 
managing passwords without causing the user to be 
concerned about a great number of passwords even 
when there are a great number of business connections; 
and (2) an individual authentication information output 
35 apparatus capable of handling a plurality of individual 
authentication systems. 

[0024] These and other advantages of the present in- 
vention will become apparent to those skilled in the art 
upon reading and understanding the following detailed 
40 description with reference to the accompanying figures. 



BRIEF DESCRIPTION OF THE DRAWINGS 



[0025] 



45 



50 



55 



Figure 1 is a block diagram illustrating an exemplary 
structure of an individual authentication information 
output apparatus 290 according to a first example 
of the present invention; 

Figure 2 is a block diagram illustrating an exemplary 
structure of an individual authentication information 
output apparatus 400 according to a second exam- 
ple of the present invention; 

Figure 3 is a block diagram illustrating another -ex- 
emplary structure of a terminal 420; 
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Figure 4 is a block diagram illustrating still another 
exemplary structure of the terminal 420; 

Figure 5 is a block diagram illustrating still another 
exemplary structure of the terminal 420; 

Figure6 is a block diagram illustrating an exemplary 
structure of an individual authentication information 
output apparatus 600 according to a third example 
of the present invention; 

Figure 7 is a block diagram illustrating another ex- 
emplary structure of the individual authentication in- 
formation output apparatus 600; and 

Figure 8 is a block diagram illustrating still another 
exemplary structure of the individual authentication 
information output apparatus 600. 

DESCRIPTION OF THE PREFERRED 
EMBODIMENTS 

[0026] Hereinafter, the present invention will be de- 
scribed by way of illustrative examples with reference to 
the accompanying drawings. 

(Example 1) 

[0027] Figure 1 shows an exemplary structure of an 
individual authentication information output apparatus 
290 accordingto a first example of the present invention. 
[0028] The individual authentication information out- 
put apparatus 290 is constructed to be connectabie to 
a plurality of information processing systems through a 
network 300. 

[0029] Figure 1 shows , as exemplary connection des- 
tinations (i.e., the other ends of the connection) of the 
individual authentication information output apparatus 
290, an information processing system 310 (connection 
destination a) and an information processing system 
320 (connection destination b). The number of informa- 
tion processing systems which are connected to the in- 
dividual authentication information output apparatus 
290 is not limited to two. The individual authentication 
information output apparatus 290 is constructed to be 
connectabie to any number of information processing 
systems through the network 300. 
[0030] The connection/disconnection between the in- 
dividual authentication information output apparatus 
290 and each information processing system is control- 
led by a network connection section 280. The network 
300 can be any type of network, for example, the Inter- 
net. 

[0031] In this example, the information processing 
system 31 0 requests a user to input a password for each 
service provided by the information processing system 
310. In order to determine whether the password input 
by the user is proper or not, the information processing 



system 310 has a database 330 for managing pass- 
words in association with the users and the contents of 
services. In the example shown in Figure 1 , the data- 
base 330 manages a password 1 in association with a 
s user A and a service a. 

[0032] It is assumed that, for example, the user A ap- 
plies to the information processing system 310 for use 
of the service a. Such an application is achieved by, for 
example, directly or indirectly inputting, to the informa- 
w tion processing system 310, the information that the us- 
er A wants to use the service a. Then, the information 
processing system 310 determines whether the pass- 
word input to the information processing system 310 
matches the password 1 stored in the database 330 or 
is not. When the two passwords match each other, the in- 
formation processing system 310 determines that the 
input password is proper and permits the user A to use 
the service a. When the two passwords do not match 
each other, the information processing system 310 re- 
20 jects use of the service a by the user A. 

[0033] Similarly, the information processing system 
320 requests the user to input a password for each serv- 
ice provided by the information processing system 320. 
The information processing system 320 has a similar 
25 structure to that of the information processing system 
310 and will not be described here. 
[0034] The individual authentication information out- 
put apparatus 290 includes a biometric information input 
section 210, an individual authentication section 220, a 
30 connection destination and service specification section 
230, a database 240, and a database access section 
250. 

[0035] The biometric information input section 210 is 
used to input biometric information of the user to the in- 
35 dividual authentication information output apparatus 
290. In the case where the biometric information repre- 
sents at least one of fingerprint, face, retina, iris, hand- 
print, and handwriting, an image input device such as, 
for example, a camera or a tablet is used as the biomet- 
40 ric information input section 210. When the biometric in- 
formation represents voice, a microphone is used as the 
biometric information input section 21 0. 
[0036] The individual authentication section 220 out- 
puts an authentication result of the user (individual au- 
45 thentication result) based on the biometric information 
of the user input by the biometric information input sec- 
tion 210. 

[0037] The connection destination and service spec- 
ification section 230 specifies the "information process- 
50 ing system (connection destination)* 1 and the "service" 
applied by the user for use. Such specification is per- 
formed by, for example, referring to information repre- 
senting the latest connection destination and informa- 
tion representing the latest service which are stored in 
55 the network connection section 280. Herein, the term 
"information processing system (connection destina- 
tion)" refers to an information processing system which 
is selected by the user among a plurality of information 
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processing systems connectable to the individual au- 
thentication information output apparatus 290. The term 
"service" refers to a service which is selected by the user 
among a plurality of services provided by the information 
processing system selected by the user. The informa- 
tion processing system selected by the user can be 
specified by, for example, the telephone number or the 
name of the connection destination. The service select- 
ed by the user can be specified by, for example, the 
amount of money involved in the transaction or the re- 
sponse from the connection destination. 
[0038] The database 240 manages passwords in as- 
sociation with individual authentication results provided 
by the individual authentication section 220 and speci- 
fication results provided by the connection destination 
and service specification section 230. 
[0039] Based on a specific individual authentication 
result provided by the individual authentication section 
220 and a specific specification result provided by the 
connection destination and service specification section 
230, the database access section 250 reads the pass- 
word associated with the individual authentication result 
and the specification result, and outputs the read pass- 
word to the information processing system of the con- 
nection destination through the network 300. 
[0040] Hereinafter, an operation of the individual au- 
thentication information output apparatus 290 will be de- 
scribed. Here, it is assumed that the user A uses the 
service a (product purchase service) provided by the in- 
formation processing system 310 to take steps to pur- 
chase a product. In this case, the user A connects the 
individual authentication information output apparatus 
290 to the information processing system 310 (connec- 
tion destination a) and determines which product to pur- 
chase using the service a. The product to purchase can 
be determined by, for example, following a hierarchical 
menu displayed on a screen of a display section (not 
shown). 

[0041 ] When the user selects to use the service a pro- 
vided by the information processing system 310 in this 
manner, the information processing system 310 re- 
quests the individual authentication information output 
apparatus 290 to input the password of the user in order 
to check whether the user is the user A. 
[0042] In response to the request from the information 
processing system 310, the biometric information input 
section 210 requests the user to input biometric infor- 
mation. The biometric information input section 210 re- 
ceives biometric information representing, for example, 
his/her fingerprint from the user and outputs the biomet- 
ric information to the individual authentication section 
220. 

[0043] In the case where the biometric information 
representing the fingerprint is input by the biometric in- 
formation input section 210, the individual authentica- 
tion section 220 outputs a signal specifying an individual 
having the fingerprint to the database access section 
250. When, for example, the user is confirmed to be the 



user A, the individual authentication section 220 outputs 
a signal representing the "user A" to the database ac- 
cess section 250 as an individual authentication result. 
[0044] In response to a request from the information 

5 processing system 31 0, the connection destination and 
service specification section 230 specifies the informa- 
tion processing system selected by the user and the 
service selected by the user. When, for example, the in- 
formation processing system selected by the user is 

10 specified as the information processing system 310 
(connection destination a) and the service selected by 
the user is specified as the service a, the connection 
destination and service specification section 230 out- 
puts a signal representing the "connection destination 

15 a" and "service a" to the database access section 250 
as a specification result. 

[0045] The database access section 250 receives the 
signal representing the "user A" from the individual au- 
thentication section 220 and receives the signal repre- 
20 senting the "connection destination a" and "service a" 
from the connection destination and service specifica- 
tion section 230, and reads a password associated with 
the "user A", "connection destination a" and "service a" 
(in the example shown in Figure 1, the "password 1") 
25 from the database 240. Th e password read from the da- 
tabase 240 is sent to the information processing system 
310 (connection destination a) through the network con- 
nection section 280 and the network 300. 
[0046] As described above, using the individual au- 
30 thentication information output apparatus 290, a pass- 
word corresponding to the information processing sys- 
tem selected by the user as a connection destination 
and the service selected by the user is output. Due to 
such a system, the user need not be concerned whether 
35 or not different passwords are set for different connec- 
tion destinations and different services. Even when 
there are a great number of connection destinations and 
services, all the user needs to do is input the same bio- 
metric information to the biometric information input sec- 
40 tion 21 0. Thus, even when there are a great number of 
connection destinations and services, all the passwords 
can be handled comprehensively without causing the 
user to be concerned about a great number of pass- 
words. 

45 [0047] The individual authentication information out- 
put apparatus 290 can perform individual authentication 
without relying on the individual authentication system 
of the information processing system of the connection 
destination. Therefore, even when the information 

50 processing system of the connection destination keeps 
on using a conventional individual authentication sys- 
tem (for example, a password-based individual authen- 
tication system), a highly reliable individual authentica- 
tion system can be introduced without changing the in- 

55 formation processing system of the connection destina- 
tion. 

[0048] In the above example, the information input to 
the individual authentication section 220 is biometric in- 
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formation. One advantage of using biometric informa- 
tion for individual authentication is that the biometric in- 
formation provides a higher level of reliability than a 
password (character or symbol code string). According- 
ly, use of biometric information is suitable for transac- 
tions involving a large amount of money. Another advan- 
tage of using biometric information for individual authen- 
tication is thatthe biometric information has a lower level 
risk of being stolen or misused than a password. Ac- 
cordingly, use of biometric information is suitable for 
transactions performed in public. 
[0049] It should be noted, however, that information 
input to the individual authentication section 220 is not 
limited to biometric information. Information input to the 
individual authentication section 220 can be any type of 
information usable for individual authentication. For ex- 
ample, a password (character or symbol code string) 
can be input instead of the biometric information. In- 
stead of the biometric information input section 21 0, any 
type of input section for receiving information which is 
input by the user can be used. 

[0050] In the above example, the connection destina- 
tion and service specification section 230 specifies both 
(i) an information processing system selected by the us- 
er among a plurality of information processing systems 
connectable to the individual authentication information 
output apparatus 290 and (ii) a service selected by the 
user among a plurality of services provided by the infor- 
mation processing system selected by the user. The 
present invention is not limited to this. In the case where, 
for example, one same password is set in one informa- 
tion processing system for all the services provided by 
the information processing system, the connection des- 
tination and service specification section 230 need only 
specify an information processing system selected by 
the user among a plurality of information processing 
systems connectable to the individual authentication in- 
formation output apparatus 290. In this manner, the con- 
nection destination and service specification section 
230 can act as a section for specifying at least an infor- 
mation processing system selected by the user among 
a plurality of information processing systems connecta- 
ble to the individual authentication information output 
apparatus 290. 

[0051] In the above example, the information read 
from the database 240 by the database access section 
250 is a password (character or symbol code string). 
The present invention is not limited to this. The informa- 
tion which is read from the database 240 by the data- 
base access section 250 can be any type of individual 
authentication information usable for individual authen- 
tication. The individual authentication information can 
be, for example, biometric information (code string) ob- 
tained as an output of the biometric information input 
section 210 or pseudo biometric information (code 
string) having the same format as that of the biometric 
information. Herein, the term "pseudo biometric infor- 
mation" refers to information artificially produced so as 



to be similar to biometric information. 
[0052] The individual authentication information out- 
put apparatus 290 can be set to be constantly operating 
or to be started only when an information processing 
5 system of a connection destination requests for individ- 
ual authentication. An activation section 260 activates 
the individual authentication information output appara- 
tus 290 when necessary. In this manner, the power con- 
sumption of the individual authentication information 
10 output apparatus 290 can be reduced. 

[0053] The connection destination and service spec- 
ification section 230 can obtain information used for 
specifying the connection destination and service from 
databases other than the networic connection section 
15 280 (for example, an address directory). 

[0054] At least one of information stored in the data- 
base 240, information to be input to the database 240 
and information to be output from the database 240 can 
be encrypted. 

20 

(Example 2) 



[0055] Figure 2 shows an exemplary structure of an 
individual authentication information output apparatus 
25 400 according to a second example of the present in- 
vention. 

[0056] The individual authentication information out- 
put apparatus 400 is constructed to be connectable to 
a plurality of information processing systems including 
30 an information processing system 31 0 (connection des- 
tination a) and an information processing system 320 
(connection destination b) through a network 300, as in 
the first example. 

[0057] The individual authentication information out- 
35 put apparatus 400 is constructed to be connectable also 
to a plurality of .terminals through the network 300. 
[0058] Figure 2 shows a terminal 420 (user terminal 
A) as an exemplary terminal having a function of receiv- 
ing biometric information representing an iris, and ater- 
40 minal 425 (user terminal B) as an exemplary terminal 
having a function of receiving biometric information rep- 
resenting a fingerprint 

[0059] The terminal 420 includes an iris pattern input 
section 430 for receiving an iris pattern of a user, anen- 
45 cryption and decryption section 440 for encrypting the 
iris pattern, and a network connection section 450 for 
sending the encrypted iris pattern to the individual au- 
thentication information output apparatus 400 through 
the network 300. Herein, the term "iris pattern 1 " refers to 
so biometric information {code string) representing an iris 
of a user. 

[0060] The terminal 425 includes a fingerprint pattern 
input section 435 for receiving a fingerprint pattern of a 
user, an encryption and decryption section 445 for en- 
55 crypting the fingerprint pattern, and a network connec- 
tion section 455 for -sending the encrypted fingerprint 
pattern to the individual authentication information out- 
put apparatus 400 through the network 300. Herein, the 
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term "fingerprint pattern" refers to biometric information 
(code string) representing a fingerprint of a user. 
[0061] The individual authentication information out- 
put apparatus 400 includes an individual authentication 
section 480 both compatible with fingerprint and iris au- 
thentication, a connection destination and service spec- 
ification section 230, a database 240, and a database 
access section 250. 

[0062] The individual authentication section 480 has 
a function of outputting an individual authentication re- 
sult based on a fingerprint pattern and a function of out- 
putting an individual authentication result based on an 
iris pattern. 

[0063] Regarding Figure 2, identical elements previ- 
ously discussed with respect to Figure 1 bear identical 
reference numerals and the detailed descriptions there- 
of will be omitted. 

[0064] Hereinafter, an operation of the individual au- 
thentication information output apparatus 400 will be de- 
scribed. Here, it is assumed that the user A operating 
the terminal 420 uses the service a (product purchase 
service) provided by the information processing system 
310 to take steps to purchase a product. In this case, 
the user A connects the terminal 420 to the information 
processing system 310 (connection destination a) and 
determines which product to purchase using the service 
a. The product to purchase can be determined by, for 
example, following a hierarchical menu displayed on a 
screen of a display section (not shown) of the terminal 
420. 

[0065] When the user selects to use the service a pro- 
vided by the information processing system 310 using 
the terminal 420, the information processing system 31 0 
requests the terminal 420 to input the individual authen- 
tication information of the user in order to check whether 
the user is the user A. 

[0066] In response to the request from the information 
processing system 31 0, the iris pattern input section 430 
requests the user to input an iris pattern. The iris pattern 
which is input to the iris pattern input section 430 is then 
encrypted by the encryption and decryption section 440. 
The encrypted iris pattern is sent to the individual au- 
thentication information output apparatus 400 by the 
network connection section 450. 
[0067] A decryption section 470 included in the indi- 
vidual authentication information output apparatus 400 
receives the encrypted iris pattern sent by the network 
connection section 450 through a network connection 
section 460 included in the individual authentication in- 
formation output apparatus 400 and decrypts the en- 
crypted iris pattern so as to generate an iris pattern. The 
generated iris pattern is output to the individual authen- 
tication section 480. 

[0068] When receiving the iris pattern from the de- 
cryption section 470, the individual authentication sec- 
tion 480 executes individual authentication processing 
based on the iris pattern and outputs a signal specifying 
an individual having the iris pattern to the database ac- 



cess section 250. When, for example, the user is con- 
firmed to be the user A, the individual authentication 
section 480 outputs a signal representing the "user A" 
to the database access section 250 as an individual au- 
5 thentication result. 

[0069] The connection destination and service spec- 
ification section 230, the database 240 and the data- 
base access section 250 operate as described in the 
first example. 

10 [0070] The database access section 250 reads the 
password associated with the "user A", "connection 
destination a" and "service a" (in the example shown in 
Figure 2, a "password 1") from the database 240, and 
outputs the read password to an encryption section 520 

15 included in the individual authentication- information out- 
put apparatus 400. 

[0071 ] The encryption section 520 encrypts the pass- 
word and outputs the encrypted password to the net- 
work connection section 460. 
20 [0072] The network connection section 460 sends the 
encrypted password to the terminal 420 through the net- 
work 300. 

[0073] The encryption and decryption section 440 in 
the terminal 420 decrypts the encrypted password to 
25 generate a password. The generated password is sent 
to the information processing system 310 (connection 
destination a). 

[0074] Similarly, when the user selects to use the 
service a provided by the information processing system 

30 310 using the terminal 425, the information processing 
system 310 requests the terminal 425 to input the indi- 
vidual authentication information of the user in order to 
check whether the user is the user A. 
[0075] In response to the request from the information 

35 processing system 31 0, the fingerprint pattern input sec- 
tion 435 requests the user to input a fingerprint pattern. 
The fingerprint pattern which is input to the fingerprint 
pattern input section 435 is encrypted by the encryption 
and decryption section 445. The encrypted fingerprint 

40 pattern is sent to the individual authentication informa- 
tion output apparatus 400 by the network connection 
section 455. 

[0076] The decryption section 470 receives the en- 
crypted fingerprint pattern sent by the network connec- 
ts tion section 455 through the network connection section 
460 and decrypts the encrypted fingerprint pattern so as 
to generate a fingerprint pattern. The generated finger- 
print pattern is output to the individual authentication 
section 480. 

so [0077] When receiving the fingerprint pattern from the 
decryption section 470, the individual authentication 
section 480 executes individual authentication process- 
ing based on the fingerprint pattern and outputs a signal 
specifying an individual having the fingerprint pattern to 

55 the database access section 250. When, for example, 
the user is confirmed to be the user A, the individual 
authentication section 480 outputs a signal representing 
the "user A" to the database access section 250 as an 
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individual authentication result. 
[0078] The connection destination and service spec- 
ification section 230, the database 240 and the data- 
base access section 250 operate as described in the 
first example. 

[0079] As described above, using the individual au- 
thentication information output apparatus 400, a pass- 
word corresponding to the information processing sys- 
tem selected by the user as a connection destination 
and the service selected by the user is output. Due to 
such a system, the user need not be concerned whether 
or not different passwords are set for different connec- 
tion destinations and different services. Even when 
there are a great number of connection destinations and 
services, all the user needs to do is input the same bio- 
metric information. Thus, even when there are a great 
number of connection destinations and services, all the 
passwords can be managed comprehensively without 
causing the user to be concerned about a great number 
of passwords. 

[0080] The individual authentication information out- 
put apparatus 400 can perform individual authentication 
without relying on the individual authentication system 
of the information processing system of the connection 
destination. Therefore, even when the information 
processing system of the connection destination keeps 
on using a conventional individual authentication sys- 
tem (for example, a password-based individual authen- 
tication system), a highly reliable individual authentica- 
tion system can be introduced without changing the in- 
formation processing system of the connection destina- 
tion. 

[0081] The individual authentication information out- 
put apparatus 400 includes the individual authentication 
section 480 capable of handling both fingerprint patterns 
and iris patterns. Therefore, the individual authentica- 
tion information output apparatus 400 can handle both 
an iris pattern-based individual authentication system 
and a fingerprint pattern-based individual authentication 
system. Since a plurality of individual authentication 
systems can be handled, the user can select an individ- 
ual authentication system which is convenient to the us- 
er In the case where, for example, the user is frequently 
incorrectly recognized as not being the user himself/her- 
self the user can select an individual authentication sys- 
tem which is more convenient to the user. In the case 
where one individual authentication system is not con- 
venient to a handicapped user, the handicapped user 
can use a different individual authentication system. 
(For example, a user who cannot use a fingerprint due 
to the loss of fingers can use an iris pattern-based indi- 
vidual authentication system.) 

[0082] In the above example, the information input to 
Ihe individual authentication section 480 is a fingerprint 
pattern or an iris pattern. The present invention is not 
limited to this. In the case where the individual authen- 
tication section 480 has a function of outputting individ- 
ual authentication results based on N different types of 



patterns, the individual authentication section 480 can 
be set to receive N different types of patterns, where N 
is an arbitrary integer of two or more. The N different 
types of patterns can each be any pattern tisable for in- 
s dividual authentication. The N different types of patterns 
can each be biometric information or non-biometric in- 
formation. In the case where, for example, the individual 
authentication section 480 has a function of outputting 
an individual authentication result based on a password 
10 (character or symbol code string), the individual authen- 
tication section 480 can be set to receive passwords 
(character or symbol code strings). As biometric infor- 
mation, information which represents at least one of fin- 
gerprint, face, retina, iris, handprint, voice and handwnt- 
15 ing is usable. 

[0083] The individual authentication information out- 
put apparatus 400 can be administered by an informa- 
tion distribution service provider (e.g. a company in- 
volved in service providing business) or the user him- 
20 self/herself. 

[0084] In the above example, the iris pattern sentfrom 
the terminal 420 to the individual authentication infor- 
mation output apparatus 400 and the fingerprint pattern 
sent from the terminal 425 to the individual authentica- 
25 tion information output apparatus 400 are both encrypt- 
ed, and the password sent from the individual authenti- 
cation information output apparatus 400 to the informa- 
tion processing system 310 is encrypted. However, such 
information need not necessarily be encrypted. In the 
30 case where the information is sent without being en- 
crypted, neither the encryption section nor the decryp- 
tion section is necessary. 

[0085] Figure 3 shows another exemplary structure of 
the terminal 420. 
35 [0086] The terminal 420 shown in Figure 3 further in- 
cludes an IC card readerS30. When the user inserts an 
IC card into the IC card reader 530, authentication in- 
formation stored on the IC card is sent to the individual 
authentication information output apparatus 400togeth- 
40 er with an iris pattern. 

[0087] The individual authentication section 480 (Fig- 
ure 2) executes individual authentication based on the 
iris pattern and the authentication information stored on 
the IC card. By combining individual authentication 
45 based on biometric information and individual authenti- 
cation based on non-biometric information, the reliability 
of individual authentication can be further improved. 
[0088] The individual authentication based on the au- 
thentication information stored on the IC card need not 
so necessarily be performed within the individual authenti- 
cation information output apparatus 400. Such individ- 
ual authentication can be performed in another appara- 
tus (administered by a different business) connected to 
the network 300. 
55 [0089] Figure 4 shows still another exemplary struc- 
ture of the terminal 420. 

[0090] The terminal 420 shown in Figure 4 further in- 
cludes a user IC input section 540. The user IC input 
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section 540 is used by the user to input a user ID to the 
terminal 420. As the user ID , a user name or a user nick- 
name, for example, is usable. The user ID is sent to the 
individual authentication information output apparatus 
400 together with an iris pattern. 
[0091] The individual authentication section 480 (Fig- 
ure 2) executes individual authentication by determining 
whether or not the iris pattern sent from the terminal 420 
matches an iris pattern corresponding to the user ID 
sent from the terminal 420. Due to such a system, the 
individual authentication section 480 need not find a us- 
er corresponding to the iris pattern sent from the termi- 
nal 420 from among all the users in a database for each 
authentication. Therefore, the time period required by 
the individual authentication section 480 for individual 
authentication processing can be significantly reduced. 
[0092] The user ID can be input to the terminal 420 
using a keyboard of the terminal 420. Alternatively, voice 
which is input from a microphone can be converted into 
a user ID using a voice recognition section. 
[0093] A user ID can be an ID inherent to the terminal, 
or a combination of information inherent to a user, such 
as a user name or the like, and an ID inherent to a ter- 
minal. An ID which is inherent to a terminal can be, for 
example, a telephone number (when the terminal is a 
cellular phone) or an IP address. 
[0094] Figure 5 shows still another exemplary struc- 
ture of the terminal 420. 

[0095] The structure of the terminal 420 shown in Fig- 
ure 5 is effective when individuals who can use the ter- 
minal 420 are limited. 

[0096] The terminal 420 shown in Figure 5 further in- 
cludes a candidate list storage section 550. The candi- 
date list storage section 550 stores a list of user IDs 
(candidate list) of the individuals who can use the termi- 
nal 420. The candidate list is prepared in advance by 
the owner of the terminal 420. The candidate list is sent 
to the individual authentication information output appa- 
ratus 400 together with an iris pattern. 
[0097] The individual authentication section 480 exe- 
cutes individual authentication by determining whether 
or not the iris pattern sent from the terminal 420 matches 
an iris pattern corresponding to the user ID in the can- 
didate list sent from the terminal 420. Due to such a sys- 
tem, the individual authentication section 480 need not 
find a user corresponding to the iris pattern sent from 
the terminal 420 from among all the users in a database 
for each authentication. Therefore, the time period re- 
quired by the individual authentication section 480 for 
individual authentication processing can be significantly 
reduced. 

[0098] The structure of the terminal 425 shown in Fig- 
ure 2 can be changed so as to have a structure shown 
in either one of the structures shown in Figures 3 
through 5. 



(Example 3) 



[0099] Figure 6 shows an exemplary structure of an 
individual authentication information output apparatus 
5 600 according to a third example of the present inven- 
tion. 

[0100] The individual authentication information out- 
put apparatus 600 is constructed to be connectable to 
a plurality of information processing systems including 
10 an information processing system 750 (connection des- 
tination c) and an information processing system 770 
(connection destination d) through a network 300. 
[0101] In this example, the information processing 
system 750 requires a userto input a fingerprint pattern. 
15 in order to determine whether the fingerprint pattern in- 
put by the user is proper or not, the information process- 
ing system 750 has a database 760 for managing fin- 
gerprints in association with the users. In the example 
shown in Figure 6, the database 760 manages a finger- 
20 print A in association with a user A. 

[0102] It is assumed that, for example, the user A ap- 
plies for use of the information processing system 750. 
Such an application is achieved by, for example, directly 
or indirectly inputting, to the information processing sys- 
25 tern 750, the information that the user A wants to use 
the information processing system 750. Then, the infor- 
mation processing system 750 determines whether or 
not the fingerprint input to the information processing 
system 750 matches the fingerprint stored in the data- 
30 base 760. When the two fingerprints match each other, 
the information processing system 750 determines that 
the input fingerprint is proper and permits the user A to 
use the information processing system 750. When the 
two fingerprints do not match each other, the information 
35 processing system 750 rejects use of the information 
processing system 750 by the user A. 
[0103] Similarly, the information processing system 
770 requests the user to input a fingerprint. The infor- 
mation processing system 770 has a similar structure to 
40 that of the information processing, system 750 and will 
not be described here. 

[0104] The individual authentication information out- 
put apparatus 600 is constructed to be connectable aiso 
to a plurality of terminals including the terminal 420 
45 through the network 300. 

[0105] The individual authentication information out- 
put apparatus 600 includes an iris pattern analysis sec- 
tion 680, a database 700, and a data access section 
710. 

50 [0106] Regarding Figure 6, identical elements previ- 
ously discussed with respect to Figure 2 bear identical 
reference numerals and the detailed descriptions there- 
of will be omitted. 

[0107] Hereinafter, an operation of the individual au- 
55 thentication information output apparatus 600 will be de- 
scribed. Here, it is assumed that the user A uses a serv- 
ice provided by the information processing system 750 
to take steps to purchase a product. In this case, the 
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user A connects the terminal 420 to the information 
processing system 750 (connection destination c) and 
determines which product to purchase using the product 
purchase service. The product to purchase can be de- 
termined by, for example, following a hierarchical menu 
displayed on a screen of a display section (not shown) 
of the terminal 420. 

[0108] When the user selects to use the information 
processing system 750 using the terminal 420, the in- 
formation processing system 750 requests the terminal 
420 to input individual authentication information in or- 
der to check whether the user is the user A. 
[01 09] In response to the request from the information 
processing system 750, the iris pattern input section 430 
requests the user to input an iris pattern (image data). 
The iris pattern which is input to the iris pattern input 
section 430 is encrypted by the encryption and decryp- 
tion section 440. The encrypted iris pattern is sent to the 
individual authentication information output apparatus 
600 by the network connection section 450. 
[0110] A decryption section 470 included in the indi- 
vidual authentication information output apparatus 600 
receives the encrypted iris pattern sent by the network 
connection section 450 through a network connection 
section 460 included in the individual authentication in- 
formation output apparatus 600, and decrypts the en- 
crypted iris pattern so as to generate an iris pattern. The 
generated iris pattern is output to an iris pattern analysis 
section 680. 

[0111] The iris pattern analysis section 680 analyzes 
the iris pattern (image data) and outputs an iris pattern 
(bit string comprising "0 u s and *Vs) as the analysis re- 
sult 

[0112] The database 700 manages pseudo finger- 
print patterns in association with iris patterns (bit string 
comprising tt 0 a s and "1 B s). Herein, the term "pseudo fin- 
gerprint pattern" refers to a pattern having the same for- 
mat as that of a fingerprint pattern (bit string comprising 
"0"s and "1 B s). 

[01 1 3] The database access section 71 0 determines 
whether or not the iris pattern (bit string comprising "0"s 
and "1"s) output from the iris pattern analysis section 
680 as the analysis result matches the iris pattern (bit 
string comprising "0"s and n 1 n s) stored in the database 
700. Only when the two iris patterns match each other, 
does the database access section 710 read a pseudo 
fingerprint pattern corresponding to the iris pattern from 
the database 700, and output the read pseudo finger- 
print pattern to an encryption section 520. 
[01 1 4] The encryption section 520 encrypts the pseu- 
do fingerprint pattern and outputs the encrypted pseudo 
fingerprint pattern to the network connection section 
460. 

[0115] The network connection section 460sendsthe 
encrypted pseudo fingerprint pattern to the terminal 420 
through the network 300. 

|0116] The encryption and decryption section 440 of 
the terminal 420 decrypts the encrypted pseudo finger- 



print pattern to generate a pseudo fingerprint pattern. 
The generated pseudo fingerprint pattern is sent to the 
information processing system 750 (connection desti- 
nation c). 

5 [0117] As described above, the individual authentica- 
tion information output apparatus 600 has a function of 
converting a first type individual authentication informa- 
tion (for example, iris pattern) which is input thereto to 
a second type individual authentication information (for 
10 example, pseudo fingerprint pattern), which is different 
from the first type individual authentication information, 
and outputting the second type individual authentication 
information to the information processing system of the 
connection destination. Due to such a system, a user 
15 interface can be provided for adopting an individual au- 
thentication system based on the first type individual au- 
thentication information for an information processing 
system which adopts an individual authentication sys- 
tem based on the second type individual authentication 
20 information. As a result, the user can select an individual 
authentication system which is convenient to the user. 
For example, a handicapped individual who cannot use 
a fingerprint due to the loss of fingers can input an iris 
pattern. The iris pattern is converted into a pseudo fin- 
25 gerprint pattern (pattern identical to the fingerprint in a 
pseudo manner.). Thus, an information processing sys- 
tem adopting an individual authentication system based 
on a fingerprint pattern is usable. 
[01 1 8] Since the individual authentication information 
30 output apparatus 600 converts the individual authenti- 
cation information, it is not necessary that one terminal 
has a plurality of individual authentication systems 
mounted thereon, that a user carry a plurality of termi- 
nals, or the structure of the information processing sys- 
35 tern 750 is changed. 

[01 19] As described above, each of the first type indi- 
vidual authentication information and the second type 
individual authentication information can be any type of 
individual authentication information usable for individ- 
40 ual authentication. For example, each of the first type 
individual authentication information and the second 
type individual authentication information can be bio- 
metric information (code string), pseudo biometric infor- 
mation (code string), or a password (character or sym- 
45 bol code string). The biometric information can be infor- 
mation representing at least one of fingerprint, face, ret- 
ina, iris, handprint, voice and handwriting. 
[0120] The terminal 420 can include, instead of the 
iris pattern analysis section 430, a biometric information 
so input section for receiving biometric information other 
than an iris pattern (for example, biometric information 
representing fingerprint, face, retina, handprint, voice or 
handwriting). The individual authentication information 
output apparatus 600 can include, instead of the iris pat- 
55 tern analysis section 680, an analysis section corre- 
sponding to the biometric information input section. 
[0121] Instead of the pseudo fingerprint patterns, the 
database 700 can store pseudo biometric information 
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other than the fingerprint patterns (for example, biomet- 
ric information representing face, retina, iris, handprint, 
voice or handwriting). Instead of the pseudo biometric 
information, the database 700 can store passwords or 
biometric information. 

[01 22] The database 700 can associate one user with 
a plurality of types of biometric information (or pseudo 
biometric information), so that one biometric feature can 
be used for various information processing systems us- 
ing the individual authentication information output ap- 
paratus 600. 

[01 23] I n the above example, the iris pattern sent from 
the terminal 420 to the individual authentication infor- 
mation output apparatus BOO is encrypted, and the 
pseudo fingerprint pattern sent from the individual au- 
thentication information output apparatus 600 to the in- 
formation processing system 750 is encrypted. Howev- 
er, such information need not necessarily be encrypted. 
In the case where the information is sent without being 
encrypted, neither the encryption section nor the de- 
cryption section is necessary. 

[0124] At least one of information stored in the data- 
base 700, information to be input to the database 700 
and information to be output from the database 700 can 
be encrypted. 

[0125] In the above example, the database 700 does 
not associate the pseudo fingerprint patterns in associ- 
ation with the connection destinations and the contents 
of services. However, as in the first and second exam- 
ples, the database 700 can associate the pseudo finger- 
print patterns in association with the connection desti- 
nations and the contents of services. 
[01 26] Figure 7 shows another exemplary structure of 
the individual authentication information output appara- 
tus 600. 

[0127] Regarding Figure 7, identical elements previ- 
ously discussed with respect to Figure 6 bear identical 
reference numerals and the detailed descriptions there- 
of will be omitted. 

[01 28] An iris pattern analysis section 800 receives an 
iris pattern from the decryption section 470 and analyz- 
es the iris pattern. Thus, the iris pattern analysis section 
800 outputs, as an analysis result of the iris pattern, in- 
formation representing candidates for the user and in- 
formation representing the probability which shows how 
probable that each candidate is the user, to a biometric 
information processing section 810. In the case where, 
for example, the probability that the user is the user A 
is 0.9, the probability that the user is the user B is 0, and 
the probability that the user is the user C is 0.1 , the iris 
pattern analysis section 800 outputs information repre- 
senting candidates for the user (i.e., user A, user C), 
and information representing the probability (i.e., 0.9, 
0.1) to the biometric information processing section 810. 
[0129] The biometric information processing section 
810 uses the information representing the probability 
which is output from the iris pattern analysis section 800 
to process the pseudo biometric information which is 



output from the database access section 710. For ex- 
ample, the biometric information processing section 810 
synthesizes a pattern corresponding to 90% of the pseu- 
do fingerprint of the user A and a pattern corresponding 
5 to 1 0% of the pseudo fingerprint of the user C to gener- 
ate a new pseudo fingerprint pattern. The pseudo bio- 
metric information obtained as a result of processing 
performed by the biometric information processing sec- 
tion 810 in this manner is output to the encryption see- 
to tion 520. 

[0130] Unlike a password, biometric information 
changes each time it is obtained. For example, a finger- 
print pattern changes each time it is obtained by a sen- 
sor. By processing the pseudo fingerprint pattern in ac- 
ts cordance with the analysis result of the biometric infor- 
mation as described above with reference to Figure 7, 
the change in the fingerprint pattern can be simulated. 
As a result, a fingerprint pattern closer to an actual fin- 
gerprint can be input to the information processing sys- 
20 tern. 

[0131] Figure 8 shows still another exemplary struc- 
ture of the individual authentication information output 
apparatus 600. 

[0132] The individual authentication information out- 
25 put apparatus 600 shown in Figure 8 is constructed so 
that an IC card 830 can be inserted thereto. The ICcard 
830 stores an iris pattern (bit string comprising "0"s and 
"1 B s) and a fingerprint pattern (bit string comprising "0 M s 
and "1"s) as a pair. When the ICcard 30 is inserted into 
30 the individual authentication information output appara- 
tus 600, an IC card data access section 820 determines 
whether or not the iris pattern (bit string comprising "0"s 
and u 1"s) which is output from the iris pattern analysis 
section 680 as the analysis result matches the iris pat- 
35 tern (bit string comprising B 0°s and M"s) stored on the 
IC card 830. Only when the two iris patterns match each 
other, does the IC card data access section 820 read 
the fingerprint pattern corresponding to the iris pattern 
from the IC card 830, and output the fingerprint pattern 
40 from the encryption section 520. 

[0133] By constructing a database of a detachable 
medium such as an IC card, a memory or the like, the 
individual authentication information output apparatus 
can be usable by a great number of users. 
45 [0134] According to the present invention, individual 
authentication information (for example, a password) at 
least corresponding to an information processing sys- 
tem selected by a user as a connection destination is 
output. Therefore, the user need not be concerned 
so about whether or not different individual authentication 
information (for example, -different passwords) is set by 
different information processing systems of different 
connection destinations. Even when there are a -great 
number of information processing systems of connec- 
55 tion destinations, all the user needs to do is input the 
same input. Thus, even when there are a great number 
of information processing systems of connection desti- 
nations, all the types of individual authentication infor- 
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mation (e.g., passwords) can be managed comprehen- 
sively without causing the user to be concerned about 
a great number of types of individual authentication in- 
formation (e.g., passwords). 

F01351 According to the present invention, individual 
authentication can be performed by the individual au- 
thentication information output apparatus without rely- 
inq on the individual authentication system of the infor- 
mation processing system of the connection destma- 
tion Therefore, even when the information processing 
system of the connection destination keeps on using a 
conventional individual authentication system (for ex- 
ample, a password-based individual authentication sys- 
tem), a highly reliable individual authentication system 
can be introduced without changing the information 
processing system of the connection destination. 
[01 36] According to the present invention, an individ- 
ual authentication section capable of handling both a 
first type input (e.g., fingerprint patterns) and a second 
type input (e.g., iris patterns) is provided. Therefore, 
both an individual authentication system based on the 
first type input and an individual authentication system 
based on the second type input can be handled. Since 
a plurality of individual authentication systems can be 
handled, the user can select an individual authentication 
system which is convenient to the user. 
[0137] According to the present invention, the first 
type individual authentication information (e.g., iris pat- 
tern) which is input is converted into a second type in- 
dividual authentication information (e.g., pseudo finger- 
print pattern) which is different from the first type indi- 
vidual authentication information, and the second type 
individual authentication information is output to the in- 
formation processing system of the connection destina- 
tion. Therefore, a user interface can be provided for 
adopting an individual authentication system based on 
the first type individual authentication information for an 
information processing system which adopts an individ- 
ual authentication system based on the second type in- 
dividual authentication information. As a result, the user 
can select an individual authentication system which is 
convenient to the user. 

[01 38] Various other modifications will be apparent to 
and can be readily made by those skilled in the art with- 
out departing from the scope and spirit of this invention. 
Accordingly, it is not intended that the scope of the 
claims appended hereto be limited to the description as 
set forth herein, but rather that the claims be broadly 
construed. 



Claims 

1 . An individual authentication information output ap- 
paratus connectable to a plurality of information 
processing systems through a network, the appa- 
ratus comprising: 
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an input section for receiving an input from a 
user; 

an individual authentication section for output- 
ting an individual authentication result of the us- 
er based on the input from the user, 
a specification section for specifying at least an 
information processing system selected by the 
user among the plurality of information 
processing systems; 

a database for managing individual authentica- 
tion information in association with the individ- 
ual authentication result provided by the indi- 
vidual authentication section and a specifica- 
tion result provided by the specification section; 
and 

a database access section for, based on the in- 
dividual authentication result provided by the 
individual authentication section and the spec- 
ification result provided by the specification 
section, reading the individual authentication 
information associated therewith, and output- 
ting the read individual authentication informa- 
tion to the selected ihf ormation processing sys- 
tem through the network. 

2. An individual authentication information output ap- 
paratus according to claim 1 , wherein the specifica- 
tion section further specifies a service selected by 
the user among a plurality of services provided by 
the information processing system selected by the 
user. 

3. An individual authentication information output ap- 
paratus according to claim 1 , wherein the individual 
authentication information is either one of a pass- 
word, biometric information and pseudo biometric 
information. 

4. An individual authentication information output ap- 
paratus according to claim 1 , wherein the input from 
the user is biometric information representing at 
least one of fingerprint, face, retina, iris, handprint, 
voice and handwriting. 

5. An individual authentication information output ap- 
paratus connectable to a plurality of terminals and 
a plurality of information processing systems 
through a network, wherein the plurality of terminals 
include a first terminal having a first input section 
for receiving a first type input from the user and a 
second terminal having a second input section for 
receiving a second type input, which is different 
from the first type input, from a user, the first type 
input and the second type input being provided to 
the individual authentication information output ap- 
paratus through the network, the apparatus com- 
prising: 
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an individual authentication section for output- 
ting an individual authentication result of the us- 
er based on one of the first type input and the 
second type input from the user; 
a specification section for specifying at least an 
information processing system selected by the 
user among the plurality of information 
processing systems; 

a database for managing individual authentica- 
tion information in association with the individ- 
ual authentication result provided by the indi- 
vidual authentication section and a specifica- 
tion result provided by the specification section; 
and 

a database access section for, based on the in- 
dividual authentication result provided by the 
individual authentication section and the spec- 
ification result provided by the specification 
section, reading the individual authentication 
information associated therewith, and output- 
ting the read individual authentication informa- 
tion to the selected information processing sys- 
tem through the network. 

An individual authentication information output ap- 
paratus according to claim 5, wherein the specifica- 
tion section further specifies a service selected by 
the user among a plurality of services provided by 
the information processing system selected by the 
user. 



dividual authentication information; and 
a database access section for, based on the 
first type individual authentication information, 
reading the second type individual authentica- 
5 tion information associated therewith, and out- 

putting the read second type individual authen- 
tication information to a selected information 
processing system among the plurality of infor- 
mation processing systems through the net- 
to work. 

10. An individual authentication information output ap- 
paratus according to claim 9, wherein each of the 
first type individual authentication information and 

15 the second type individual authentication informa- 
tion is either one of a password, biometric informa- 
tion and pseudo biometric information. 

11. An individual authentication information output ap- 
20 paratus according to claim 10, wherein the input 

from the user is biometric information representing 
at least one of fingerprint, face, retina, iris, hand- 
print, voice and handwriting. 

25 12. An individual authentication information output ap- 
paratus according to claim 9, wherein the database 
is a medium detachable from the individual authen- 
tication information output apparatus. 
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An individual authentication information output ap- 
paratus according to claim 5, wherein the individual 
authentication information is either one of a pass- 
word, biometric information and pseudo biometric 
information. 

An individual authentication information output ap- 
paratus according to claim 5, wherein the input from 
the user is biometric information representing at 
least one of fingerprint, face, retina, iris, handprint, 
voice and handwriting. 



An individual authentication information output ap- 
paratus connectable to a plurality of terminals and 45 
a plurality of information processing systems 
through a network, wherein the plurality of terminals 
include a first terminal having a first input section 
for receiving first type individual authentication in- 
formation from a user, the first type individual au- so 
thentication information being provided to the indi- 
vidual authentication information output apparatus 
through the network, the apparatus comprising: 

a database for managing second type individ- 55 
ual authentication information, which is differ- 
ent from the first type individual authentication 
information, in association with the first type in- 
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FIG. 6 
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